Webhook does not send clientKey, how to use Connect httpClient to send request to host?


I have registered webhook on issue_created event and need to send post request to host after webhook is fired. Here is part of connect.json file:

"authentication": {
        "type": "jwt"
    "lifecycle": {
        "installed": "/installed"
    "scopes": [
    "apiMigrations": {
        "signed-install": true,
        "context-qsh": true
    "modules": {
        "webhooks": [
                "event": "jira:issue_created",
                "url": "/issue_created?issueKey={issue.key}",
                "filter": "projectType = service_desk"
                "event": "user_created",
                "url": "/user_created"

Webhook is fired but cannot create an instance of httpClient in ACE because clientKey is empty:

app.post('/issue_created', (req, res) => {
      console.log("Context: ", req.context, req.headers)
      const httpClient = addon.httpClient(req);
     # httpClient is null


  http: null,
  title: 'Foo',
  addonKey: 'Bar',
  clientKey: '',
  token: '',
  license: 'none',
  localBaseUrl: 'https://add-on-host.ngrok.io',
  hostBaseUrl: '',
  hostUrl: '',
  hostStylesheetUrl: '/atlassian-connect/all-debug.css',
  hostScriptUrl: 'https://connect-cdn.atl-paas.net/all.js'


  host: 'add-on-host.ngrok.io',
  'user-agent': 'Atlassian Webhook HTTP Client',
  'content-length': '9915',
  accept: '*/*',
  'accept-encoding': 'gzip,deflate',
  'atlassian-connect-version': '1001.0.0-SNAPSHOT',
  authorization: 'JWT xxxxxxxxxxxxxx',
  'content-type': 'application/json; charset=UTF-8',
  'x-atlassian-webhook-identifier': '1685121028676178442',
  'x-atlassian-webhook-retry': '4',
  'x-b3-sampled': '1',
  'x-b3-spanid': '07d95938b8da5801',
  'x-b3-traceid': '07d95938b8da5801',
  'x-forwarded-for': '',
  'x-forwarded-proto': 'https'

What am I missing?

Hi @bitmagic,
The clientId is present in JWT token in iss field (issuer)
JWT is also signed with the client’s secret - so verify if it really belongs to the issuer before sending the request back to Jira.


Thank you @TomaszZasada, appreciate it.

I use this code in normal request context (not webhook) in other apps.

const httpClient = addon.httpClient(req);

This works there but not in this case. What could be reason? Or is it because of new version of connect/ACE?

Also, addon.authenticate() gives error Forbidden (403), which is strange.

We have a connect app that creates and populates numerous fields through REST API.
I would like to use webhooks to send a webhook to the Connect App (which currently blocks it with a 403 from the Atlassian Webhook HTTP Client)
How can I, in a secure manner, send a webhook to the Connect App without having to authenticate to the Connect App in a manual manner (that current blocks all POST requests and requests externaly)?
Thank you